ET Threatview.io High Confidence Cobalt Strike C2 IP group 16

SID: 2527015Rev: 1621428 viewsHistory

Sourceet/open

CreatedDecember 9, 2021

UpdatedMay 29, 2026

Classificationmisc-attack

alert ip [139.60.161.48,139.60.161.83,139.60.160.17,87.251.64.5,139.60.161.60,84.32.190.30,179.60.146.39,64.190.113.189,84.32.188.104,84.32.188.104,139.60.161.165,139.60.161.83,139.60.161.163,3.99.186.201,3.249.115.17,139.60.161.89,139.60.161.52,139.60.160.51,139.60.161.89,43.155.96.44,137.184.22.236,139.60.161.69,46.21.153.159,146.70.44.170,46.21.153.153,146.70.44.136,46.21.153.159,46.21.153.153,139.60.161.216,146.70.44.170,146.70.44.136,146.70.44.137,91.210.104.121,139.60.161.32,139.60.161.225,146.0.74.45,144.202.12.220,84.32.188.60,139.60.161.236,139.60.161.89,18.117.254.165,139.60.161.24,179.60.146.39,23.227.198.246,194.37.97.153,65.21.237.219,146.70.87.66,146.70.44.136,146.70.44.170,164.92.70.225] any -> $HOME_NET any (msg:"ET Threatview.io High Confidence Cobalt Strike C2 IP group 16"; reference:url,threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt; threshold:type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2527015; rev:1621; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Threatview_CS, signature_severity Major, created_at 2021_12_09, updated_at 2026_05_29;)

References

url	threatview.io/Downloads/High-Confidence-CobaltStrike-C2%20-Feeds.txt

Metadata

affected productAny

attack targetAny

deploymentPerimeter

tagThreatview_CS

signature severityMajor

created at2021_12_09

updated at2026_05_29

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!